Hi Birger, Nice debate! On Wednesday 01 June 2005 13:52, Birger Tödtmann wrote:
Am Mittwoch, den 01.06.2005, 12:16 +0100 schrieb Ian G: [...]
The point is this: you *could* turn off SSL and it wouldn't make much difference to actual security in the short term at least, and maybe not even in the long term depending on the economic shifts.
Which depends a bit on the scale of your "could switch of". If some researchers start switching it off / inventing / testing something new, then your favourite phisher would not care, that's right.
Right. That's the point. It is not a universal and inescapable bad to fiddle with SSL/PKI.
[...]
But every time this good stuff is suggested, the developers, cryptographers, security experts and what have you suck air between their teeth in and say you can't change SSL or PKI because of this crypto blah blah reason.
My point is you can change it. Of course you can change it - and here's why: it's not being economically used over here (listening), and right over there (phishing), there is an economic loss waiting attention.
Maybe. But there's a flip-side to that coin. SSL and correlated technology helped to shift the common attack methods from sniffing (it was widely popular back then to install a sniffer whereever a hacker got his foot inside a network) towards advanced, in some sense "social engineering" attacks like phishing *because* it shifted the economics for the adversaries as it was more and more used to protect sensitive data-in-flight (and sniffing wasn't going to get him a lot of credit card data anymore).
OK, and that's where we get into poor use of data. Yes, sniffing of passwords existed back then. So we know that sniffing is quite possible and on reasonable scale, plausible technically. But the motive of sniffing back then was different. It was for attacking boxes. Access attack. Not for the purpose of theft of commercial data. It was a postulation that those that attacked boxes for access would also sniff for credit cards. But, we think that to have been a stretch (hence the outrageous title of this post) at least up until recently. Before 2004, these forces and attackers were disconnected. In 2004 they joined forces. In which case, you do now have quite a good case that the installation of sniffers could be used if there was nothing else worth picking up. So at least we now have the motive cleared up, if not the economic attack. (Darn ... I seem to have argued your case for you ;-) )
That this behaviour (sniffing) is a thing of the past does not mean it's not coming back to you if things are turned around: adversaries are strategically thinking people that adapt very fast to new circum- stances.
Indeed. It also doesn't mean that they will come and attack. Maybe it is a choice between the attack that is happening right now and the attack that will come back. Or maybe the choice is not really there, maybe we can cover both if we put our thinking caps on?
The discussion reminds me a bit of other popular economic issues: Many politicians and some economists all over the world, every year, are coming back to asking "Can't we loosen the control on inflation a bit? "Look, inflation is a thing of the past, we never got over 3% the last umteenth years, lets trigger some employment by relaxing monetary discipline now." The point is: it might work - but if not, your economy may end up in tiny little pieces. It's quite a risk, because you cannot test it. So the stance of many people is to be very conservative on things like that - and security folks are no exception. Maybe fiddling with SSL is really a nice idea. But if it fails at some point and we don't have a fallback infrastructure that's going to protect us from the sniffer-collector of the 90s, adversaries will be quite happy to bring them to new interesting uses then....
Nice analogy! Like all analogies it should be taken for descriptive power not presecription. The point being that one should not slavishly stick to an argument, one needs to establish principles. One principle is that we protect where money is being lost, over and above somewhere where someone says it was once lost in the past. And at least then we'll learn the appropriate balance when we get it wrong, which can't be much worse than now, coz we are getting it really wrong at the moment. (On the monetary economics analogy, if you said your principle was to eliminate inflation, I'd say fine! There is an easy way to do just that, just use gold as money, which has maintained its value throughout recorded history, not just the last century! The "targets" debate has been echoing on for decades, and there is no real end in sight.)
So I would suggest that listening for credit cards will never ever be an economic attack. Sniffing for random credit cards at the doorsteps of amazon will never ever be an economic attack, not because it isn't possible, but because there always likely to be easier pickings elsewhere.
And exactly this "always likely to be easier pickings" has to be weighted very, very carefully. The best thing to find out would be to make a poll within the black hat population.
That's one way. Another way is to put the fixes into browsers and trial it out there. To some extent this has been done - you can see for example Trustbar and Petname as both similar attempts, and a very different approach taken by Netcraft. The results are all positive. What is needed is a series of experiments to try out how different mechanisms work - there is no way that you or I could predict the perfect way. But we can't push those experiments so far forward unless we can convince the detractors of change to back off and let some experimentation be done. That is the problem with all these suggestions - they do some "change" to the model of SSL/PKI. And that change is sometimes good sometimes bad and sometimes completely dismissive - but they all get the same response being <sucks> you can't change SSL! </teeth> Consider petname. *All* it does is allow someone to put a name on a cert. That's all. But because it changes the security model about how a cert is supposed to protect users - in what might be thought of as a positive way - this has received resistance. That's what we are fighting against. That's why I have to go to such extraordinary lengths to show that it is possible to change the model.
But don't get me wrong - I am not saying that we should carry out a world wide pogrom on SSL/PKI. What I am saying is that once we accept that listening right now is not an issue - not a threat that is being actively dedended against - this allows us the wiggle room to deploy that infrastructure against phishing.
Does that make sense?
Yes and no. I think it is simply not relevant whether sniffing is a problem today but whether it will become one again tomorrow if you mess around with security mechanisms deployed right now.
Well, I'm establishing a point here - there is wiggle room, room to manouvre. This might mean SSL/PKI is reduced in strength. *OR* it might mean it is improved in strength. I really don't care, I'm interested in the results, not the way it was achieved. *OR* it might mean that SSL/PKI is bypassed totally. For an example of the latter, look at Netcraft. This is quite serious - they are putting out a tool that totally bypasses PKI/SSL in securing browsing. Is it insecure? Yes of course, and "it leaks my data like a seive" as one PKI guy said. Is it securing browsing? Yes! As recently reported, 60,000 downloads "within hours" for Firefox after it got slashdotted. The contradictions need to be addressed, and more seriously than just rejecting any change to SSL/PKI; by rejecting the minor changes by Trustbar and Petname, the way is open for the really dramatic and major changes like Netcraft. And it's insecure to boot!
iang
PS: nor does it matter whether I'm right or I'm wrong about my prediction that sniffing will be an economic attack or not - it's just a prediction about the future, just a hypothetical estimate.
But this very prediction is used as an argument by you. If the estimation on the risks is not correct, your reasoning is falling apart.
Not really. My point is that there is room to move. You can fiddle with the model. Nobody's talking about removing SSL/PKI, and I don't know why people keep assuming that it is on the agenda. There is simply too much code out there to remove it. What people are talking about is trying different things. The SSL/PKI people are pretty universally blocking those things at the moment, for whatever reasons, but sadly, because they are not taking the bigger picture seriously, they are somewhat in danger of being bypassed totally by things like Netcraft's plugin. Or worse (yes, there is worse than Netcraft's toolbar in the wings.)
What matters is now: what attacks are happening now. Does phishing exist, and does it take a lot of money? What can we do about it?
Right. Phishing is a very big problem. A huge problem. So is unemployment in many countries. But that's not a reason to relax monetary control. It's a reason to find the structural problem behind it and fix it. To make ends meet: phishing is not nessecarily a reason to fiddle with data-in-flight protective mechnisms like SSL, at least not in a big population.
So where is the structural problem in phishing? On the left is the phisher, on the right is the user. Between them is a wire, a browser, a PC, and a hook delivery mechanism. Over in the distance is the other victim, the online bank. So where's this structural problem and let's get in there and fix it? iang -- Advances in Financial Cryptography: https://www.financialcryptography.com/mt/archives/000458.html --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com